Offensive Security - Penetration Tester
Job Description
We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM.
Responsibilities
Responsibilities will vary based on background but will typically include:
- Lead and deliver offensive security and penetration testing engagements across multiple industries, ensuring high‑quality technical execution and clear, actionable reporting.
- Manage and grow key client relationships, helping shape and advance their offensive security, red teaming, and broader cybersecurity strategies.
- Communicate effectively with client stakeholders and project leaders to maintain strong relationships and ensure alignment on engagement goals.
- Build and maintain deep client trust by consistently delivering high‑value insights and exceptional service.
- Support business development activities, including scoping offensive security engagements and contributing to proposals.
- Conduct offensive security assessments aligned to industry frameworks and regulatory expectations, including but not limited to NIST CSF, NIST SP 800‑53, ISO 27001, DORA, FFIEC, and other relevant standards.
- Assist clients in designing and implementing remediation strategies to strengthen their security posture, including hardening recommendations, detection engineering insights, and improvements to incident response processes.
- Clearly articulate technical findings, exploitation paths, and recommendations to both technical and executive audiences, in writing and verbally.
- Identify opportunities to enhance engagement methodologies, tooling, and internal processes.
Required Qualifications
- 4+ years of relevant experience in offensive security, penetration testing, red teaming, or a closely related discipline.
- Willingness to travel up to 30% to client sites for engagements.
- Strong technical expertise in areas such as network and application penetration testing, adversary simulation, exploit development, cloud security testing, and/or social engineering.
- Familiarity with key compliance standards and regulatory frameworks (e.g., NIST CSF, NIST SP 800‑53, ISO 27001, DORA, FFIEC).
- Strong interpersonal skills with experience in a professional services firm, consultancy, or similar client‑facing environment.
- Demonstrated ability to collaborate effectively with cross‑functional teams.
Preferred Qualifications
- Bachelor’s degree in cybersecurity, information technology, computer science, or a related field from an accredited institution.
- One or more relevant cybersecurity certifications such as OSCP, CISSP, CISM, CISA, or similar.
- Experience with red team operations, purple team engagements, threat emulation, or adversary‑focused methodologies (MITRE ATT&CK, threat modeling, etc.).
- Familiarity with scripting or development languages commonly used in offensive tooling (e.g., Python, PowerShell, C#, Bash).
At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits.
All applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender; sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; US Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable federal, state or local law.
Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at 800-274-3978 or send us an email at [email protected].
RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). If you are a recent U.S. college / university graduate possessing 1-2 years of progressive and relevant work experience in a same or similar role to the one for which you are applying, excluding internships, you may be eligible for hire as an experienced associate.
RSM will consider for employment qualified applicants with arrest or conviction records. For those living in California or applying to a position in California, please click here for additional information.
At RSM, an employee’s pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.
Compensation Range: $95,400 - $192,000Individuals selected for this role will be eligible for a discretionary bonus based on firm and individual performance.